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E.O.  12958:  DECL : UPON  CLOSURE  OF  U.S.  EMBASSY  AMMAN 
TAGS:  AADP  ABLD  ACOA  AMGT  ASEC  KSEO  KRIM  KGIT  KNET  KCIP 
SUBJECT:  TEMPEST  COUNTERMEASURES  REQUIREMENTS  - AMMAN 

REF:  A.  95  STATE  230596 
IB.  06  STATE  13022 

Classified  By:  M.J.  STEAKLEY,  DS/ST/CMP,  REASON:  1.4  (C)  AND  (G) 

1.1.  (S/NF)  These  revised  TEMPEST  countermeasures  requirements 
are  effective  immediately.  Requirements  apply  to  the 
Chancery  at  Amman,  Jordan,  located  at  Abdoun,  Al-Umawyeen 
Street,  Amman,  Jordan.  Amman, s threat  levels  at  the  time  of 
this  telegram  are  MEDIUM  for  Technical  and  MEDIUM  for  Human 
Intelligence . 

1.2 . (S)  TEMPEST  requirements  are  determined  by  the  Certified 
TEMPEST  Technical  Authority  (CTTA)  and  approved  by  the 
Countermeasures  Division  Director.  These  requirements  apply 
to  all  information  processing  systems  for  this  facility. 

1_A.  (S)  TOP  SECRET  and  Sensitive  Compartmented  Information 
(SCI)  CLASSIFIED  Automated  Information  System  (AIS):  Post  is 
authorized  to  use  TEMPEST  Level  2 AIS  equipment  for 
processing  classified  national  security  information  (NSI)  at 
the  TOP  SECRET  or  SCI  level  within  the  Embassy  core  area  of 
the  controlled  access  area  (CAA) . Within  a certified 
shielded  enclosure  (CSE)  or  equivalent  that  meets  NSA  94-106 
specifications,  post  is  authorized  to  use 
commercial-off-the-shelf  (COTS)  AIS  equipment. 

IB.  (S)  SECRET  (COLLATERAL)  CLASSIFIED  (AIS):  Post  is 
authorized  to  use  TEMPEST  Level  2 AIS  equipment  for 
processing  classified  NSI  at  the  SECRET  level  within 
restricted  and  core  areas  of  the  CAA.  Post  is  authorized  to 
use  COTS  AIS  equipment  within  a certified  shielded  enclosure 
(CSE)  or  equivalent  that  meets  NSA  94-106  specifications. 

NOTE:  Post  currently  has  COTS  equipment  installed  for 
classified  processing  at  the  SECRET  level  outside  of  a CSE. 

This  equipment  must  be  replaced  with  TEMPEST  Level  2 or 
TEMPEST  Level  1 compliant  AIS  within  24  months  of  the  date  of 
this  telegram.  Effective  immediately,  all  new  procurements 
must  be  for  TEMPEST  Level  2 or  TEMPEST  Level  1 compliant 
equipment . 

IC.  (S)  SENSITIVE  BUT  UNCLASSIFIED  AIS:  Use  of  COTS  AIS  for 
processing  unclassified  and  sensitive  but  unclassified  (SBU) 
within  the  Embassy  restricted  and  core  area  of  the  CAA  is 
approved.  Unclassified  and  multimedia-equipped  unclassified 
processing  equipment  to  be  used  within  a CAA  must  be 
purchased,  shipped,  stored,  installed,  maintained  and 
repaired  in  accordance  with  12  FAH-6  H-542,  and  may  not  be 
located  inside  a CSE. 


13.  (S)  Secure  video-teleconferencing  and  data  collaboration 
( SVDC ) system  installation  and  operation  was  previously 
authorized  in  REFTEL  (B).  As  a result  of  the  TEMPEST 
requirements  change  announced  in  this  telegram,  the  current 
SVDC  equipment  must  either  be  replaced  with  TEMPEST  Level  1 
compliant  equipment  or  the  existing  SVDC  COTS  equipment  must 
be  relocated  and  installed  inside  a CSE.  Request  that  Post,s 
RSO  notify  DS/CMP/ECB  within  60  days  of  this  telegram  whether 
SVDC  equipment  will  remain  in  its  current  location  and  be 
upgraded  to  TEMPEST  Level  1 or  if  the  existing  SVDC  COTS 
equipment  will  be  moved  inside  a CSE.  Should  Post  decide  to 
move  the  existing  SVDC  COTS  equipment  to  a different  location 
inside  a CSE,  a new  SVDC  check  list  must  be  prepared  and 
submitted,  and  a new  authorization  telegram  will  be  issued  by 
DS/ST/CMP  to  formalize  the  decision. 

1[4 . (S)  All  Classified  Automated  Information  System  (CAIS) 
equipment,  components  and  peripherals  must  be  secured  in 
accordance  with  Overseas  Security  Policy  Board  (OSPB) 
requirements  for  classified  discussion,  processing  and/or 
storage  overseas.  Thin  clients  with  embedded  flash  memory, 
at  facilities  with  24-hour  cleared  American  presence,  are 
permitted  to  remain  unsecured  within  the  CAA  as  long  as  the 
equipment  is  rebooted  prior  to  vacating  the  premises. 

15.  (S)  Fiber  optic  cabling  is  required  for  classified 
connectivity.  Fiber  optic  cabling  is  also  required  for 
unclassified  (SBU)  connectivity  for  any  information 
technology  equipment  located  within  a CSE.  Equipment  used  to 
process  classified  information  outside  a CSE  must  be 
installed,  to  the  maximum  extent  possible,  in  accordance  with 
Recommendation  E of  NSTISSAM  TEMPEST/2-95A  with  the  following 
additional  requirements: 

- Be  located  a minimum  of  one  meter  (three  feet  spherical) 
from  other  computer  and  electronic  equipment  used  for 
unclassified  information  processing. 

- Be  located  a minimum  of  one  meter  (three  feet  spherical) 
from  telephones,  modems,  facsimile  machines,  and  unshielded 
telephone  or  signal  lines  that  do  not  leave  USG-controlled 
property  (for  example,  phone  lines  that  go  to  the  post  phone 
switch ) . 


- Be  located  a minimum  of  two  meters  (six  feet  spherical) 
from  telephones,  modems,  facsimile  machines,  and  unshielded 
telephone  or  signal  lines  that  transit  USG-controlled 
property  (for  example,  direct  phone  lines  that  do  not  go 
through  the  post  telephone  switch,  telephone  switch  lines 
going  out,  any  wire  going  to  antennas  on  the  roof,  etc). 

- Be  located  a minimum  of  3 meters  (ten  feet  spherical)  from 
active  radio  transmitters  (two-way  radios,  high  frequency 
transceivers,  satellite  transceivers,  cellular  devices, 

Wi-Fi  devices,  Bluetooth,  etc.)  and  must  not  use  the  same  AC 
power  circuit  as  active  radio  transmitters  (to  include  cell 
phone  chargers ) . 

- Be  located  a minimum  of  three  meters  (ten  feet  spherical) 
from  cable  television  antenna  feeds  and  any  Warren  switch 
with  the  switch  on.  This  distance  can  be  reduced  to  one 
meter  if  the  Warren  switch  is  off  when  processing  classified. 

- Be  located  to  have  no  physical  contact  with  any  other 
office  equipment  or  cabling. 

f.6 . (S)  Classified  conversations  up  to  SECRET  may  be  conducted 
in  the  CAA  offices  or  vaults  in  accordance  with  12  FAH-6 
H-311.10-4.  Classified  conversations  above  the  SECRET  level 
are  restricted  to  relevant  core  areas. 

f.7 . (U)  All  requirements  apply  to  all  agencies  under  Chief  of 
Mission  authority,  and  pertain  to  the  Chancery  building  only. 

Tenant  agencies  may  employ  additional  TEMPEST 
countermeasures  within  their  respective  offices. 


1[8 . (U)  For  further  information  or  clarification  regarding  12 
FAH-6  H-540  Automated  Information  Systems  Standards,  please 
contact  DS/CS/ETPA.  For  other  TEMPEST-related  issues,  please 
contact  Department  CTTA  at  DSCTTA@state.sgov.gov. 

1[9 . (U)  In  accordance  with  12  FAH-6  H-533.2,  Post  must  verify 
that  these  TEMPEST  countermeasures  have  been  implemented; 
DS/ST/CMP  requests  Post  report  so  in  an  updated  Technical 
Security  Assessment  (TSA) . All  proposed  change  requests  to  a 
CAA  countermeasures  environment  must  be  sent  to  the 
Department,  identified  for  DS/ST/CMP  action. 

11.10.  (U)  This  telegram  should  be  retained  by  Post  until 
superseding  requirements  are  received. 

CLINTON 


